Supply chains beware: Java carries security risks

In 2016, Java still poses some security risks for supply chain managers, according to a new report from Sonatype. With its 2016 State of the Software Supply Chain document, the source looked at supply chain management practices which could leave businesses exposed. Among these are some troublesome statistics about Java and older application use.

Open source Java component downloads are booming, at least for downloads from the Central Repository, which accounted for more than 31 billion requests. Unfortunately, 6.1 percent of open source downloads last year were found to have a known security defect, just 0.1 percent lower than the previous year.

Since the vast majority of component downloads "cannot be traced or audited," relying on Java could put companies at too much risk. For supply chains, the solution might be tools that are as easy to use as open source but not as vulnerable.

Java downloads could lead to possible exploits for users.

Java users may already know about the program's security issues, based on its history of patches and leaks. Earlier this month, Adobe announced the presence of 52 Flash vulnerabilities. It responded with a series of five product updates, all but one of which were at Priority Level 1, the highest rating recommended for immediate action. The remaining solution was at Priority Level 3, the lowest.

While the growth of downloads could mean more web-friendly enterprises, caution is needed to avoid raising security risks. IT managers in all industries can avoid Java issues by using a web-based terminal emulator for mainframe application growth instead. JavaScript and pure HTML offer an environment that's fast, easy to access and customizable to consumer needs.

Inventu Flynet Viewer is compatible with current browsers and still useful for older functions that need to migrate to new devices. Contact us today to find out more.